Wednesday, July 21, 2010

/etc/hosts.equiv and $HOME/.rhosts:

The first file read by the local host is its /etc/passwd file. An entry for that particular user in this file enables that user to log in to the local host from a remote system. If a password is associated with that account, then the remote user is required to supply this password at login to gain system access.
If there is no entry in the local host's /etc/passwd file for the remote user, access is denied.

The /etc/hosts.equiv and $HOME/.rhosts files bypass this standard password-based authentication to determine if a remote user is allowed to access the local host with the identity of a local user.
These files provide a remote authentication procedure to make that determination.

This procedure first checks the /etc/hosts.equiv file and then checks the $HOME/.rhosts file in the home directory of the local user who is requesting access. The information contained in these two files (if they exist) determines if remote access is granted or denied.

Difference between /etc/hosts.equiv and $HOME/.rhosts
/etc/hosts.equiv
- The information in this file applies to the entire system.
$HOME/.rhosts
- The information in this file applies to the individual user.
- In other words, individual users can maintain their own $HOME/.rhosts files in their directories.
Entries in the /etc/hosts.equiv and $HOME/.rhosts files:
Both files have the same format, but the same entry has a different effect depending on which file it is in.
Both files are formatted as a list of one-line entries, which can contain the following types of entries:
hostname
hostname username
+

Note: The host names in the above files must be the official name of the host, not one of its alias names.

/etc/hosts.equiv file rules:
- For regular users, the /etc/hosts.equiv file identifies remote hosts and remote users who are considered to be trusted.
- The file is not checked at all if the remote user requesting local access is the root user.
- If the file contains the host name of a remote host, then all regular users of that remote host are trusted and do not need to supply a password to log in to the local host. This holds provided that each remote user is known to the local host by having an entry in the local /etc/passwd file; otherwise, access is denied.
- This file will not exist by default. It must be created if trusted remote user access is required on the local host.

$HOME/.rhosts file rules:
- Applies to a specific user
- All users, including the root user, can create and maintain their own .rhosts files in their home directories.
- This file does not exist by default. It can be created in the user's home directory.
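
The entry forms and file scopes above can be turned into a small audit check. The following is an added example, not part of the original post: the function names, severity labels and sample entries are constructed for illustration, and it handles only the three entry forms listed above, reporting anything else for manual review.

```python
# Added example: classify trust entries using the three forms listed above.
# Severity labels and the sample file contents are constructed for illustration.

SAMPLE_HOSTS_EQUIV = """\
fileserver.example.com
buildhost.example.com alice
+
"""

def classify(line):
    """Map one entry to (kind, host, user); None for a blank line."""
    fields = line.split()
    if not fields:
        return None
    if len(fields) > 2:
        return ("other", line.strip(), None)
    host = fields[0]
    user = fields[1] if len(fields) == 2 else None
    if "+" in (host, user):
        return ("wildcard", host, user)
    return ("host-user" if user else "host", host, user)

def audit(text, system_wide):
    """Return (line_no, severity, message) for every entry in the file.

    system_wide=True models /etc/hosts.equiv, False models a user's .rhosts.
    """
    target = "any regular local user" if system_wide else "the file's owner"
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        entry = classify(line)
        if entry is None:
            continue
        kind, host, user = entry
        if kind == "wildcard":
            findings.append((no, "critical", "'+' matches every host or user in that field"))
        elif kind == "host-user":
            findings.append((no, "high", f"{user}@{host} logs in as {target} without a password"))
        elif kind == "host":
            findings.append((no, "medium", f"same-named users on {host} log in without a password"))
        else:
            findings.append((no, "review", f"unrecognised entry: {host}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS_EQUIV, system_wide=True):
        print(*finding)
```

Because /etc/hosts.equiv is not consulted for root, root's own .rhosts file should be audited separately with system_wide=False.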
